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DETAILED ACTION 



This action is responsive to the application filed July 5, 2000. Claims 1-25 and 
27-29 are pending. Claims 1-25 and 27-29 represent high performance packet 
processing using a general purpose processor. 



1. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or nnore claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

2. Claim 13 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

3. Claim 13 recites the limitation "said at least one data processing policy in said 
policy action table" in lines 4 and 5. There is insufficient antecedent basis for this 
limitation in the claim. 



4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 



Claim Rejections - 35 USC § 112 



Claim Rejections - 35 USC § 102 
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5. Claims 1-15, 19-25, and 27-29 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Abraham etaL, U.S. Patent No. 5,983,270. 

Abraham teaches the invention as claimed including the monitoring, logging and 
blocking data packets transmitted via an intranetwork or internetwork (see abstract). 
Regarding claim 1, an apparatus for processing data packets, comprising: 

a first data processing unit adapted to filter incoming packets (col. 2, lines 31-60. 
Abraham discloses a filter engine); 

an addressable memory unit in which a plurality of instruction sets for packet 
processing are stored (col. 2, lines 31-60; col. 7, Abraham discloses a set of rules and a 
rules and logging database); 

a second data processing unit adapted to process incoming packets according to 
one of said plurality of instruction sets (col. 2, lines 31-60; col. 7, Abraham discloses a 
filter executive); and 

a data bus connecting the addressable memory unit and the first and second 
data processing units, (col. 2, lines 31-60; col. 7, Abraham discloses a network 
connecting the units). 

Regarding claim 2, the apparatus of claim 1 , further comprising a policy condition table 
connected to said first data processing unit, said policy condition table having a plurality 
of rules stored therein (col. 2, lines 31-60; col. 7; col. 9, lines 43-65; Abraham discloses 
a set of rules in a database). 

Regarding claim 3, the apparatus of claim 1 , further comprising a policy action table 
connected to said data bus and said addressable memory unit, wherein said policy 
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action table stores at least one data processing policy (col. 2, lines 31-60; col. 7, 
Abraham discloses policies collected by a database). 

Regarding claim 4, the apparatus of claim 3, wherein at least one of said policies 
comprises: 

a first address pointer element for identifying the location in said addressable 
memory unit of one of said plurality of instruction sets (col. 7, Abraham discloses a GUI 
transmitting to a rules database), and 

a second address pointer element for identifying the location in said addressable 
memory unit of a state block (col. 5, lines 46-67; col. 6, lines 1-4; Abraham discloses the 
system administrator having access to what type of services and information each user 
may have access to on the Internet). 

Regarding claim 5, the apparatus of claim 3, wherein said first data processing unit 
assigns a thread to each said incoming packet, wherein said thread corresponds to one 
of said policies stored in said policy action table (col. 2, lines 31-60; col. 9, lines 43-65; 
Abraham discloses mapping information). 

Regarding claim 6, the apparatus of claim 3, wherein said first data processing unit 
comprises logic for matching a first incoming packet to a stored first rule and for 
generating a first thread if the first incoming packet matches said first rule, said first 
thread identifying the location of one of said at least one data processing policies in said 
policy action table (col. 2, lines 31-60; col. 7; col. 9, lines 43-65). 
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Regarding claim 7, the apparatus of claim 6, wherein said second data processing unit 
is adapted to process the first incoming packet according to said data processing policy 
corresponding to said first thread (col. 2, lines 31-60; col. 7; col. 9, lines 43-65). 
Regarding claim 8, the apparatus of claim 6, wherein said data processing policy 
comprises a first address pointer to a starting address of a first set of instructions and a 
second address pointer to a starting address of a state block stored in said addressable 
memory unit, said state block used by said first set of instructions for processing the first 
incoming packet (col. 5, lines 46-67; col. 6, lines 1-4; col. 7). 

Regarding claim 9, the apparatus of claim 6, wherein said thread is assigned to said first 
incoming packet based on said first rule (col. 2, lines 31-60; col. 7; col. 9, lines 43-65). 
Regarding claim 10, the apparatus of claim 6, wherein said first processing unit further 
comprises logic for matching a second incoming packet to a stored second rule and for 
generating a second thread if the second incoming packet matches the second rule, 
said second thread identifying the location of one of said at least one data processing 
policy in said policy action table (col. 2, lines 31-60; col. 7; col. 9, lines 43-65). 
Regarding claim 1 1, the apparatus of claim 10, wherein said second data processing 
unit is adapted to process the second incoming packet according to said data 
processing policy corresponding to said second thread (col. 2, lines 31-60; col. 7; col. 9, 
lines 43-65). 

Regarding claim 12, the apparatus of claim 10, wherein said second thread is assigned 
to said second incoming packet based on said second rule (col. 2, lines 31-60; col. 7; 
col. 9, lines 43-65). 
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Regarding claim 13, the apparatus of claim 1 , wherein said first processing unit further 
comprises logic for matching a plurality of incoming packets to a stored corresponding 
plurality of rules and for generating a thread for each packet that matches one of said 
plurality of rules, each said thread identifying the location of one of said at least one 
data processing policy in said policy action table (col. 2, lines 31-60; col. 7; col. 9, lines 
43-65). 

Regarding claim 14, the apparatus of claim 13, wherein the second data processing unit 
is adapted to process each packet according to said data processing policy 
corresponding to said thread associated with said packet (col. 2, lines 31-60; col. 7; col. 
9, lines 43-65). 

Regarding claim 15, the apparatus of claim 13, further comprising a memory unit 
connected to said first data processing unit and to said second data processing unit, 
said memory unit adapted to temporarily store packets before processing by said 
second data processing unit (col. 2, lines 31-60; col. 7; col. 9, lines 43-65). 
Regarding claim 19, a method for processing data packets, comprising: 

receiving a first incoming packet (col. 9, lines 43-65, Abraham discloses inbound 
packets); 

determining whether to admit the first incoming packet (col. 9, lines 43-65, 
Abraham discloses a filter engine that verifies packets); 

assigning a first thread to the first incoming packet if said first incoming packet is 
admitted, wherein said first thread points to a stored policy (col. 9, lines 43-65, Abraham 
discloses mapping information and filter engine rules); and 
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processing the first incoming packet according to said stored policy (col. 9, lines 
43-65, Abraham discloses the filtering of packets). 

Regarding claim 20, the method of claim 19, wherein said stored policy comprises a first 
address pointer pointing to the location of a first set of instructions, and wherein said 
processing step utilizes said first set of instructions to process said first incoming packet 
(col. 7). 

Regarding claim 21 , the method of claim 20, wherein said stored policy further 
comprises a second address pointer pointing to the location of a state block, and 
wherein said processing step utilizes said state block to process the first incoming 
packet (col. 5, lines 46-67; col. 6, lines 1-4). 

Regarding claim 22, the method of claim 19, further comprising the step of storing at 
least one policy in a policy action table (col. 2, lines 31-60; col. 7). 
Regarding claim 23, the method of claim 22, further comprising the step of updating 
said policy action table (col. 17, lines 7-67; col. 18, lines 1-14; Abraham discloses 
adding a mle to the database). 

Regarding claim 24, the method of claim 19, wherein said determining step further 
comprises searching a policy condition table for a rule corresponding to the contents of 
the first incoming packet (col. 2, lines 31-60; col. 7; col. 9, lines 43-65). 
Regarding claim 25, the method of claim 19, further comprising the step of placing the 
first incoming packet in a processing queue after said assigning step and before said 
processing step (col. 9, lines 43-65). 

Regarding claim 27, a method for processing data packets, comprising: 
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storing a plurality of policies in memory (col. 7, Abraham discloses policies stored 
in mass memory); 

updating the policies in the memory for implementing policy changes in a data 
processing unit (col. 17, lines 7-67; col. 18, lines 1-14); 

receiving incoming packets in the data processing unit (col. 9, lines 43-65); 

looking up at least one corresponding policy in the memory utilizing the data 
processing unit (col. 9, lines 43-65); and 

processing the incoming packets according to the at least one corresponding 
policy in the memory utilizing the data processing unit (col. 9, lines 43-65). 
Regarding claim 28, a system for processing data packets, comprising: 

memory for storing a plurality of policies (col. 7); and 

logic for updating the policies in the memory for implementing policy changes in a 
data processing unit (col. 17, lines 7-67, col. 18, lines 1-14); 

wherein the data processing unit is adapted for receiving incoming packets, 
looking up at least one corresponding policy in the memory, and processing the 
incoming packets according to the at least one corresponding policy in the memory (col. 
9, lines 43-65). 

Regarding claim 29, A system for processing data packets, comprising: 
means for storing a plurality of policies (col. 7); 

means for updating the policies for implementing policy changes (col. 17, lines 7- 
67, col. 18, lines 1-4); 

means for receiving incoming packets (col. 9, lines 43-65); 
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means for looking up at least one corresponding policy (col. 9, lines 43-65); and 
means for processing the incoming packets according to the at least one 
corresponding policy using a plurality of threads (col. 9, lines 43-65). 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, If the differences between the subject nnatter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Abraham et al. further in view of Murakami et al., U.S. Patent No. 6,065,065. 

Abraham teaches the invention substantially as claimed including the monitoring, 
logging and blocking data packets transmitted via an intranetwork or internetwork (see 
abstract). 

As to claim 16, Abraham teaches the method of claim 1 . 

Abraham fails to teach the limitation further including the second data processing 
unit comprising a plurality of general purpose processors for executing instructions in 
parallel. 

However, Murakami teaches a parallel computer including a file system for 
storing and processing a massive volume of data (see abstract). Murakami teaches the 
invention use of a parallel computer system (col. 1 , lines 50-67; col. 2, lines 1-14). 
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It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Abraham in view of Murakami to use a plurality of general purpose 
processors for executing instructions in parallel. One would be motivated to do so 
because executing instructions in parallel will allow the unit to run more processes at 
once allowing for overall faster speeds. 

8. Claims 17 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Abraham and Murakami further in view of Scales, U.S. Patent No. 5,761 ,729. 

Abraham teaches the invention substantially as claimed including the monitoring, 
logging and blocking data packets transmitted via an intranetwork or internetwork (see 
abstract). Murakami teaches the invention substantially as claimed including a parallel 
computer including a file system for storing and processing a massive volume of data 
(see abstract). 

As to claim 17, Abraham and Murakami teach the method of claim 16. 

Abraham and Murakami fail to teach the limitation further including at least one 
said general purpose processor comprising a complex instruction set computer 
processor. 

However, Scales teaches a distributed computer system including a distributed 
shared memory (see abstract). Scales shows evidence of the use of a complex 
instruction set computer processor (col. 1, lines 63-67; col. 2, lines 1-7, 49-67; col. 3, 
lines 1-8, 41-63). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Abraham and Murakami in view of Scales to use a complex 
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instruction set computer processor. One would be motivated to do so because a 
complex instruction set processor can perform several low-level operations and can 
deal with packet complexity. 

As to claim 18, Abraham and Murakami teach the method of claim 16. 

Abraham and Murakami fail to teach the limitation further including at least one 
said general purpose processor comprising a reduced instruction set computer 
processor. 

However, Scales teaches a distributed computer system including a distributed 
shared memory (see abstract). Scales shows evidence of the use of a reduced 
instruction set computer processor (col. 1, lines 63-67; col. 2, lines 1-7, 49-67; col. 3, 
lines 1-8,41-63). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Abraham and Murakami in view of Scales to use a reduced 
instruction set computer processor. One would be motivated to do so because a 
reduced instruction set processor allows for rapid execution of a sequence of simple 
instructions. 

Conclusion 

9. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

U.S. Pat. No. 5,615,340 to Dai et al. 

U.S. Pat. No. 6,647,418 to Maria et al. 
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U.S. Pat. No. 6,493,752 to Lee et al. 
U.S. Pat. No. 6,253,321 to Nikanderet al. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Avi Gold whose telephone number is 703-305-8762. 
The examiner can normally be reached on M-F 8:00-5:30 (1st Friday Off). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne can be reached on 703-308-7562. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Avi Gold 
Patent Examiner 
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